
Safeguard Authentication Services 4.1.5 - Authentication Services for Smart Cards Administration Guide


The vastool smartcard command line utility

vastool is a script-friendly command line utility that exposes a wide range of functionality to the Unix/Linux system administrator. Authentication Services for Smart Cards adds a smartcard command to vastool for configuring and troubleshooting smart card-related issues. The following table lists some of the commands and functionality that you can access by running the vastool smartcard command. For a complete list, see the vastool man page.

Table 1: vastool smartcard commands

Command        Function
-------        --------
configure      Configure smart card related settings such as the PKCS#11 driver and PAM
info           Display information about smart cards and drivers
pin            Change smart card PIN
test           Test smart card functionality
trusted-certs  Manage the store of trusted certificates
unconfigure    Remove smart card related settings

Vendor PKCS#11 drivers

PKCS#11 is a standard software interface for accessing cryptographic functions on smart cards. Authentication Services for Smart Cards uses the vendor-provided PKCS#11 drivers to interface with the card.

One Identity provides the drivers as a shared library, and you will need to know the name and location of this library when you configure Authentication Services for Smart Cards.

Note: Authentication Services for Smart Cards is derived from the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki). See RSA Laboratories for details of this standard.

Installing Authentication Services for Smart Cards

Before you install the smart card drivers and the Authentication Services software, you must first install the Authentication Services 4.1 agent and join your Unix host to the Active Directory domain.

Refer to the Authentication Services Installation Guide located in the docs directory of the installation media for step-by-step instructions.

Installing vendor smart card drivers

When using Authentication Services for Smart Cards, you must install and configure vendor drivers for your cards and readers. For example, you must have a working PKCS#11 library. This is a shared library that implements the PKCS#11 Cryptographic Token Interface Standard. Consult your smart card vendor documentation for more details.

Note: Please follow the instructions in the release notes of the vendor smart card driver to enable the smart card reader on the Sun SPARC system.
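
A pre-configuration sanity check for the vendor PKCS#11 shared library described above, as an added example that is not part of the One Identity guide or product. It assumes the library will be loaded by privileged login code, so it audits ownership and mode first and only then loads the file to confirm it exports the standard Cryptoki entry point C_GetFunctionList; the function names are hypothetical.

```python
import ctypes
import os
import stat
import sys


def audit_library_file(path):
    """Return a list of ownership/mode problems for the library file."""
    try:
        st = os.stat(path)  # follows symlinks to the real library file
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != 0:
        problems.append("not owned by root (uid %d)" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append("group- or world-writable (mode %o)" % mode)
    return problems


def exports_cryptoki(path):
    """True if the file loads as a shared library and exports C_GetFunctionList."""
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return False  # missing, wrong architecture, or not a shared object
    return hasattr(lib, "C_GetFunctionList")


def check_pkcs11_library(path):
    """Audit the file, then load it only if the audit found nothing.

    Loading a shared library runs its initialisation code, so a file that
    other users can modify is never loaded by this check.
    """
    problems = audit_library_file(path)
    if not problems and not exports_cryptoki(path):
        problems.append("does not load or lacks C_GetFunctionList")
    return problems


if __name__ == "__main__":
    # Usage: python check_pkcs11.py /path/to/vendor/pkcs11/library.so
    found = check_pkcs11_library(sys.argv[1])
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```

Run it as root against the library path given in your vendor documentation before configuring that path in Authentication Services for Smart Cards.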
